Storm Warnings

The dark side of cyberspace tends to sneak up on you. One minute you’re clicking away on a trusted website. The next minute, you’re staring at a flashing security warning, commanding the download of “virus protection software” that later turns out to be malware masquerading as an ad.

The problem for CIOs is that some cybercriminally inclined idiot is always thinking up something next. And they’re targeting the weakest link of all: your end-users.

Speaking on behalf of average users everywhere, let me remind you that we don’t know jack. When it comes to secure computing practices, most of us are worse than sheep (who at least can’t do their companies much harm online due to a lack of opposable thumbs).

Online security risks are, of course, a hardy perennial in the garden of CIO concerns. So why should you be more attentive to them now than, say, a year or two ago?

You’ll find some definitive answers to that in our cover story (“Why Security Matters Again,” Page 26), which reports the results of this year’s Global Information Security survey. We conducted this survey jointly with PricewaterhouseCoopers and CSO magazine, gathering responses from 7,300 business and technology executives around the world.

One surprise was that even in the grip of a global recession, companies did not pare down security spending, although they are clearly outsourcing less and pulling certain protections back in-house. Another welcome surprise was the resurgence of CSO titles and IT security chief jobs. An overwhelming 85 percent of our survey-takers reported having a top security exec in position now, way up from last year’s 56 percent.

What wasn’t so surprising are the underlying reasons why security matters again: social networking and cloud computing, both set against a regulatory backdrop of increasing compliance mandates.

The perils that social networking sites pose to intellectual property are already much-discussed in the press and around the C-suite. But user education and training is lacking at most companies, our survey shows.

Top that concern off with the accelerating move toward outsourcing key IT assets to software-as-a-service vendors and cloud services providers, most of whom are feeling their way through a wildly uncertain market.

If you haven’t given security much attention lately, it’s time to shine a little light on the subject. Don’t let the darkness catch you unawares.
Lately, CIO.com Senior Editor Thomas Wailgum has been looking at the ERP landscape. Not surprisingly, it's complicated.

To wit: his perspective on a Fox News story about the progress and scope of the United Nations's $337 million SAP ERP implementation.

George Russell of Fox News was quick to criticize a U.N. document detailing the progress and scope of the project, castigating the U.N. "bureaucrats" for their "sweeping generalities" when they described the project's alleged efficiencies and cost savings.

Wailgum takes a closer look at the document, honing in on the change management challenges. Quips one commenter: "I can't think of a more entertaining spectacle to watch: the unyielding international behemoth versus the unyielding international behemoth. ...Anyone got the popcorn ready?"
advice.cio.com/node/8637

If you're not wrestling with a new ERP installation, Wailgum writes, maybe you're stuck with a mature ERP system implemented by your predecessor. Inherited systems come with their own set of baggage, including four common challenges.
www.cio.com/article/502280

Meanwhile, according to Aberdeen Group, Tier 1 and Tier 2 ERP providers have succeeded in wooing the midmarket. And now those ERP customers are opting to ignore new suite releases and upgrades. Standardization is essential, Wailgum says, if companies want to gain operational efficiencies.
www.cio.com/article/501907

Oprah vs. Supply Chains


Maryfran Johnson, Editor in Chief, CIO Magazine & Events

mfjohnson@cio.com


When Oprah Winfrey endorses a company's product, the marketing team whoops and the supply chain team grimaces. If you're going to benefit from the "Oprah Effect," you'd better be ready to deliver the goods. An Oprah appearance
Doing Less With Less


Remember the 1976 movie Network, in which actor Howard Beale goes on an on-air rampage encouraging viewers to lean out their windows and scream, “I am mad as hell and I am not going to take it anymore!”?

Beale’s rant came to mind during a recent series of dinners I attended for CIOs around the country, hosted by enterprise software vendor CA.

The focus of the dinners was a concept called “enterprise lean systems,” a phrase that was new to me. Analysts best sum up lean IT in these four words: maximize value, lower costs.

As I gave my opening remarks at each dinner, I promised my guests that we were collectively going to drive a nail into the do-more-with-less coffin. And at dinner after dinner, from Denver to Philadelphia to Washington, D.C., guests vociferously agreed with what one CIO referred to as the “moronic” marketing phrase of doing more with less.

One key lesson CIOs are learning during this recession is that the three most important words in the lexicon of successful CIOs are: “business, business, business.” Smart CIOs know that budgets for 2010 will not spring back to levels seen prior to 2007 for several more years. They also know that the business continues to demand more solutions every day.

At one dinner, a CIO said his mantra for 2010 was “do less with less.” I asked him what he meant by that. He said CIOs needed to do a much better job at prioritizing projects and doing fewer of them with less money in the budget for next year.

Makes sense.

Are you mad as hell and not going to take the do-more-with-less marching orders any longer? Visit your favorite search engine and discover all you can about enterprise lean systems and lean IT. The demand for tech solutions will continue to soar next year. Your budgets will not. But I guarantee you that you can find lots of fat that can be trimmed to fund the projects that count.

Enterprise lean systems can help you do that.

Good luck in doing less with less.

Gary Beach, Publisher Emeritus
in downtown Chicago last month accounted for about 10 percent more shopper traffic.
www.cio.com/article/501830

Put Down That Phone

The National Transportation Safety Board has barred its employees from talking or texting while driving, even if they employ hands-free products like Bluetooth headsets and speakerphones. CIO.com Staff Writer Al Sacco is understandably skeptical. "How will this ban be enforced? How would an NTSB manager know if Mr. Suit decided to pick up the call from his wife?"
www.cio.com/article/501805

A New Way to Pay?

Offshore outsourcers are coming up with new pricing methods in response to more demanding customers. Provider MindTree is publicizing its hybrid pricing model, which it says combines the best of both time-and-materials and fixed-price models. Is this IT service pricing innovation or slick marketing? CIO.com's Stephanie Overby weighs in.
www.cio.com/article/502196

Seeing Through the Cloud

Don't believe that cloud services are a "magic bullet," says Forrester Research analyst Paul Roehrig. He shares five tips for IT leaders investigating cloud service providers and suggests how to get started separating the features and services that are nice to have from what you really need.
www.cio.com/article/502114

Separated at Birth

Tech titans are often one-of-a-kind characters, but some Silicon Valley kingpins have virtual twins lurking in Hollywood and Washington, D.C. Who might be Salesforce.com Marc Benioff’s or former HP CEO Carly Fiorina's doppelganger? Take a look.
www.cio.com/article/502846


Compiled by Associate Editor Kristin Burnham. Have a comment about a story in this issue of CIO? Go to www.cio.com/magazine/20091015 or write to letters@cio.com.
Dell to Acquire Perot Systems

Dell, which has struggled with flagging sales of personal computers and servers during the downturn, has bought itself a piece of the federal government's stimulus pie.

The company said last month that it would spend $3.9 billion in cash to buy Perot Systems, a provider of technology services that is especially strong in the growing field of electronic health records. The government is pouring $19 billion over the next five years into technology to help doctors and hospitals digitize medical records.

Dell and Perot were already working together on some medical projects. Perot serves 1,000 hospitals (more, it says, than any other services firm). The New York Times


Apple Probes Battery Woes

Continued complaints about fast-draining iPhone batteries have prompted Apple to ask some users to install power-logging software to help diagnose the problem, according to messages on the company's support forum.

Apple technical support has also used a questionnaire in its discussions with users in an attempt to figure out the cause of rapid battery drain. Questions cover topics including Wi-Fi, Bluetooth and e-mail use. Computerworld


Twitter Cofounder Says No Ads This Year

Twitter has no plans to put ads on the popular microblogging site this year, cofounder Biz Stone said while attending a conference last month.

Stone, who said Twitter is "pretty good right now" with regards to funding, added the company's immediate focus was on building out features ranging from improved search to paid commercial accounts. Reuters


Google Wins Partial Victory in E.U. Legal Battle Over Trademarks

Google may have won a partial victory in its long-running legal battle with trademark owners last month, when a senior judge at the European Court of Justice said the company didn't infringe anyone's trademark rights by allowing advertisers to buy search keywords corresponding to those trademarks.

Advocate General Poiares Maduro added, however, that Google may be liable for running advertisements that offer trademark-infringing products in its AdWords advertising service.

Maduro was giving a nonbinding legal opinion, as is customary, ahead of a ruling by the court. The ruling is expected early next year.

In nearly all such cases, the court follows the opinion of the advocate general. IDG News Service


French Parliament Approves "Three-Strikes" Antipiracy Law

The French National Assembly voted last month to adopt the so-called "three strikes" law criminalizing file-sharing. Those caught infringing copyrights online could face the suspension of their Internet access, a fine or even prison.

Three accusations of copyright infringement must be leveled at offenders before their Internet access is suspended. The law would create a new body, the High Authority for the Distribution of Works and the Protection of Rights on the Internet (nicknamed Hadopi), tasked with receiving the accusations and sending out warnings, first by e-mail and then by registered mail.

IDG News Service


Microsoft Buys Software to Bolster Its ERP Product

Microsoft is buying technology from four of its partners in order to bolster its Dynamics AX enterprise resource planning product with functions commonly needed across various industries, according to a senior company executive.

Microsoft sells ERP products to five industries. Three of those categories (manufacturing, retail and professional services) will benefit from the purchase, said Crispin Read, general manager for Dynamics ERP. IDG News Service
The Brain Advantage

Become a More Effective Business Leader Using the Latest Brain Research

By Madeleine L. Van Hecke, Lisa P. Callahan, Brad Kolar and Ken A. Paller

Oliver Sacks fans, take note: Now you can read all about your strange brain and use the same book to become a better leader. Hecke, a clinical psychologist, and her coauthors discuss the pros and cons of working on auto-pilot, why your brain sometimes trusts the wrong people, when to go with your gut and more. Prometheus Books, $19, 2009


Reinvent Your Enterprise

Through Better Knowledge Work

By Jack Bergstrand

BOOK Need to remake your organization? Coca-Cola veteran and management consultant Jack Bergstrand lays out a process for enhancing worker productivity, which management guru Peter Drucker once identified as the greatest challenge of the 21st century. Somewhat academic and low on anecdotes, this book is well organized and includes a compelling argument for compensation plans that allow knowledge workers to earn more than their managers. BookSurge Publishing, $18.99

Beyond Blinking Lights and Acronyms

Mike Schaffner on Managing Information Technology and Your IT Career

By Mike Schaffner

BLOG It happens all the time: You have standards that make absolute sense and then someone wants an exception. In a recent post on his personal blog, Mike Schaffner, head of IT for the valves and measurement group of oil and gas industry supplier Cameron International, has news for CIOs: Learn to live with exceptions. Or at the very least, explain your standards instead of simply pleading standards. In other entries, Schaffner discusses avoiding budget-induced IT death spirals, how to design technical support systems and responsible Tweeting.
mikeschaffner.typepad.com/michael_schaffner


The Accidental Successful CIO

By Jim Anderson

BLOG Here’s a snappy blog with all the hot topics: innovation, Monday-morning quarterbacking on recent IT systems failures and why CIOs should start thinking of themselves as “strategic execution officers.” In a recent post on storage, Anderson writes that CIOs don’t need more storage, they need smart storage. “Reality has caught up with us and environmental costs coupled with possible legal issues have turned the world of storage upside down. Now CIOs need a new strategy to deal with their company’s growing storage needs.”
www.theaccidentalsuccessfulcio.com

Recession Won't Protect IT Organizations from Employee Turnover

By Diane Berry and Lily Mok, Gartner Analysts

RESEARCH It is true: People are less likely to quit when unemployment is so high. But some will quit, and you’d rather not lose some of those people. In this report, Gartner recommends that the IT department collect a lot more data on turnover, such as how it has changed the department’s overall pool of core job functions, critical skills and demographic profile.
http://bit.ly/B4c5w


Compiled by Joan Indiana Rigdon. Tell us what you're reading. Go to advice.cio.com/blogs/the_techie_reading_list or write to letters@cio.com.
innovation and business value


Pennies from Heaven


Credit giant TransUnion makes the cloud pay
By Kim S. Nash


Many companies have braved cloud computing by moving low-risk applications such as e-mail to public clouds. But TransUnion, the $1.2 billion credit reporting company, is taking a greater leap: offering revenue-generating applications to its customers as a cloud service.

For nearly a decade, TransUnion has built software for banks, retailers and other companies to check the credit histories of consumers. Now TransUnion wants to get out of the expensive, time-consuming software development business and sees cloud computing as the way, says Scott Metzger, CTO at TransUnion Interactive, the subsidiary that launched the new services in July. “This can be a tricky line of business to manage because we’re not a consulting outfit. We’re a financial services company,” Metzger says.

The ability to ramp up new products, as well as expand or contract operational capability quickly, for less money reflects “the whole promise of cloud,” says Tom Pettibone, founder and managing partner of Transition Partners, an IT management consulting firm. TransUnion, Pettibone says, “is pushing the envelope.”


[Chart: Barriers to Green IT. Sustainability aims to lower costs, but it's hard to show ROI. Surviving label: Difficulty showing ROI.]


No More Custom Development

The custom applications TransUnion built connected clients with proprietary consumer data so they could, for example, look up credit scores or verify identities. Offering such software helped TransUnion compete with Equifax and Experian.

Software development, of course, is people-intensive and can be slow, which cuts into the profits TransUnion can make on each project.

Under the old regimen of developing a custom application, it could take weeks or months for TransUnion to build a new service. On top of that, sometimes TransUnion had a backlog of requests stretching three months or so, Metzger says.

So TransUnion decided to offer customers access to its data through APIs. Customers can now build their own applications and access consumer credit data via TransUnion’s private cloud, that is, its internal bank of secured servers. When a customer asks for a capability, TransUnion can provide access to the appropriate APIs within a week.

TransUnion can offer the same services and consumer data as before, but opening APIs to customers costs less than doing custom development. Metzger declines to specify costs or profits. To help protect its data on consumers, TransUnion uses ServiceNet, an access management appliance from Sonoa Systems, to control which customers can access which APIs based on profiles TransUnion and the customer create together. ServiceNet also lets TransUnion change its systems more easily. For example, previously, if TransUnion hired a new vendor to calculate sales taxes for its customers in various states, it would have had to tweak each of the custom applications to integrate with the new vendor. Now, TransUnion makes one change in the access management layer that ServiceNet manages.

Overall, TransUnion is happy to escape being an IT provider for its customers, Metzger says. “We can focus on providing the core intellectual property.”

Contact Senior Editor Kim S. Nash at knash@cio.com. Follow her on Twitter: www.twitter.com/knash99.
Multiple responses allowed. SOURCE: BT survey of 150 IT professionals
While people in their teens and 20s were the first to adopt social networks, they aren't just for the younger crowd anymore, according to a Forrester Research report.

"Much of the growth in social networks today comes from people older than 34," writes analyst Sean Corcoran. More than half of adults ages 35 to 44 belong to social networks. Seventy percent of adults 55 and older use "social tools" at least once a month.

The report categorizes people who use social networks as "creators" who write blogs, upload audio and video or post stories; "critics" who take part in online discussions; "collectors" who organize and rate content by using RSS feeds and sites like Digg; "joiners" who subscribe to social networks; and "spectators" who view user-generated content.

People in the 35 to 54 age group are increasingly joiners and creators, while adults over 55 are more likely to be spectators. With so many more adults participating in social networks, it makes sense for companies to create media and advertising campaigns targeted to them, Corcoran writes.

-Elizabeth Montalbano


U.S. Needs More Broadband


The United States IT industry is the most competitive in the world, but the lack of a broadband infrastructure and tightened immigration policies could threaten its lead, according to an annual study sponsored by the Business Software Alliance (BSA).

Finland, Sweden, Canada, the Netherlands, the United Kingdom, Australia, Denmark, Singapore and Norway round out the list of the 10 most competitive nations in the IT field.

Several factors helped the United States come out on top, including a large pool of qualified IT workers, a good research and development environment and a strong legal system, says Denis McCauley, director of global technology research at the Economist Intelligence Unit, which conducted the study.

But the United States dropped from second to seventh place on comparisons of infrastructure because some parts of the country need better access to high-speed networks, the study concluded. BSA said that U.S. competitiveness could also be improved by easing immigration restrictions.

The study takes into account factors such as the supply of skilled workers, technology infrastructure, intellectual property protection and having a government that promotes technology as well as allows market forces to work.

Some measures could be improved internationally, the study found. For example, in Asia, IT training would benefit from greater investment in business studies and language skills.

Meanwhile, governments in Europe and North America must work with companies to encourage more young people to choose mathematics and science-based subjects at universities.

Finland and the Netherlands made good progress, compared to last year’s study. Finland’s approach to R&D (the study’s most important category) helped it move from number 13 to number two. An improved broadband infrastructure helped the Netherlands jump five places to the fifth spot.

- Mikael Ricknas
grow


THE TOP LINE INTERVIEW :: Andrew McAfee

Enterprise Evolution


The Harvard Business School associate professor, who coined the term Enterprise 2.0, says CIOs should learn to love the changes wrought by social software


Has Web 2.0 gained more acceptance?

I see all levels of engagement. One of the really heartening things is that this isn't just a phenomenon for high-tech companies or companies that employ tons of Gen-Y workers. It's happening at different kinds of companies, industries and sectors of the economy.

Twitter has been hot, and Facebook redesigned its site to stream information in real-time. Do you see that kind of app design moving into enterprises?

There is this move from categorizing and foldering toward more free-flowing, streaming apps and lightweight tagging systems. To some extent, companies are having to let go of this idea of "official" sources of information or a few "approved" people who get to put information out there.

All the people involved in your value chain are going to vote with their feet. They are going to want to use technologies that make sense to them. If the IT department isn't providing them, they're going to use publicly available stuff on the Web. If the IT department shuts that stuff down, they'll complain, they'll be less effective and they'll leave the company.

Does the industry need to improve security?

Very little, if anything, needs to be done. I ask for horror stories all the time, especially compliance or security-related horror stories; I just don't have tales about screw ups. The quick and dirty explanation for why that is: People know how to do their jobs. We know the stuff that will get us fired if we talk about it.


Andrew McAfee was interviewed by C.G. Lynch, a writer based in California. Read the complete interview at www.cio.com/article/495843.


NEW MARKETS

Help for Going Global

Companies in pursuit of foreign markets boost demand for translation services


Who is doing it: eInstruction, a company that develops an interactive whiteboard and other products for schools, has had its software and documents translated into 47 languages in order to target global markets. Governments, which are frequent customers, often demand translations before purchase, says Susan Liberty, manager of eInstruction's technical communications group.

How it works: eInstruction hands over the documents it wants translated to MultiLing, a service company that analyzes the material using its translation memory tool. The tool identifies sentences that have been translated at an earlier time and automatically adds those translations to the new text. Workers at MultiLing also use a terminology tool that displays preferred terms, predetermined by the customers, for specified words. "The tool does not take the human translator out of the equation, but it helps the translator to be more efficient," says Emmanuel Margetic, director of marketing at MultiLing.

Growth potential: Economic woes spurred demand for MultiLing's services, Margetic says, as U.S. companies sought work in foreign markets. Research firm Common Sense Advisory says the top 30 translation companies grew nearly 20 percent in 2008. The firm expects the market for translation services to grow 10 percent annually, reaching $22.5 billion by 2012. -Nancy Gohring
leadership and
operational  excellence 


Rx  for  Hospital  Rebuild 

Step  one:  Engage  stakeholders  in  an  interactive  board  game 
to prioritize high-tech amenities
By Kristin Burnham

When  Le  Bonheur  Children's  Medical  Center  considered  plans  in  2004  to  rebuild  its  outdated 
facility— originally  constructed  in  1952— a  lot  of  executive  thinking  went  into  what  “state  of  the  art” 
would  mean  to  the  hospital’s  future. 

No  one  thought  a  board  game  would  figure  into  the  game  plan. 

“We  recognized  that  the  facilities  we  had  weren’t  capable  of  keeping  up  with  our  technology 
or  our  clinical  care,”  says  Dave  Rosenbaum,  vice  president  of  facilities  management.  The  design 
needed  to  meet  the  needs  of  today’s  technology  and  an  evolving  IT  landscape. 

Working with Kathleen Healy-Collier, administrative director of clinical systems, informatics
and technical services, Rosenbaum carved out an $18 million budget— approximately 7 percent
of the entire project’s budget— from the general contract funds. This gave them the
opportunity to consider technology choices separately from the
construction of the building. The first step was selecting a
technology design firm, which SSR Engineering and Johnson
Controls won in a jointly awarded contract.

[Photo caption: At Le Bonheur Children's Medical Center, Kathleen Healy-Collier
and Dave Rosenbaum took an inclusive approach to planning the
hospital's future IT capabilities.]

In  one  of  their  first  meetings,  Johnson  Controls  gave  the 
Le  Bonheur  Children’s  team  a  board  game  to  play  called 
“The  Solutions  Navigator.” 

The  interactive  assessment  tool— which,  among  other 
questions,  quizzed  players  on  their  vision  for  the  project 
and  prioritized  systems,  applications  and  communication 
devices— was  designed  to  help  organizations  identify  and 
address  infrastructure  and  technology  needs. 

Game pieces are placed on the board, which measures and
compares an organization’s needs, priorities and satisfaction
levels. The result is an assessment of the hospital’s top priorities
and areas of improvement. Healy-Collier and Rosenbaum
shared the game with patients, the patients’ families and doctors,
among others— each received a board to play.

Within a month, Johnson Controls collected and sorted the
information gathered from the game, and presented the findings
to the team. The information was sorted into three categories:
must have, should have and optional. Some of the optional
items could be added once construction was completed, if they
had extra money. Many of the must-have and should-have
items were infrastructure-related: the local area network, PBX,
structured cabling, building security and intercoms.

Healy-Collier  and  Rosenbaum  also  created  a  secondary 
chart  for  designing  the  patient  rooms.  Patients  and  their 
families  listed  the  technologies  they  wanted  under  the  three 
categories.  They  found  that  patients  were  all  looking  for 
reasonable  amenities,  “nothing  too  Star  Trekky,”  she  says. 
Families  wanted  to  know  who  was  taking  care  of  their  child 
and  which  tests  were  being  ordered.  Patients  wanted  their 
cell  phones  to  work  in  the  hospital. 

Le  Bonheur  Children’s  worked  in  tandem  with  Johnson 
Controls  to  collect,  refine  and  award  the  RFPs  with  various 
suppliers. That relationship was especially helpful and efficient,
Healy-Collier says, in removing much of the “wheeling
and dealing with the vendors.”

While the selection and design process was easily managed,
Healy-Collier says managing expectations was more
challenging. “Being a state-of-the-art hospital means different
things to people,” she explains. “We’ve had to make
sure  that  we’re  asking  about  everyone’s  expectations  and 
communicating  our  intentions  effectively.” 


Contact  Associate  Editor  Kristin  Burnham  at  kburnham@cio.com. 
Follow  her  on  Twitter:  www.twitter.com/kmburnham. 


SOFTWARE-AS-A-SERVICE CONTRACTS


THINK SERVICE. Vendors may "try to squeeze SaaS terms and conditions into
a software contract," says Azzarello Group consultant Nick Goss. A CIO needs
to address how this relationship is different. Both established vendors
and startups have latched onto SaaS as an easy route to market because it
simplifies distribution of code, says Goss. But beware of those who may be
"more focused on accruing customers than assuring reliable levels of service,"
he warns.


GET GUARANTEES. Harrison Lewis, CIO at the grocery chain Haggen, negotiates
application-specific protections. When Haggen signed with a SaaS human
resources and payroll vendor, Lewis made the vendor guarantee to support
the application for at least 10 years or pay a penalty. He also required
software escrow, in case the vendor went out of business. "I'm looking to
mitigate the risk, so what I put into the contract are the worst-case
scenarios," Lewis says.


UNDERSTAND WHAT YOU ARE GIVING UP. Lewis notes he no longer has the option of
sticking with an older version of the application. "Under SaaS, when the
vendor goes to version 10, guess what? Here we go!" he says. So rather than
controlling the schedule, he insists on getting adequate notice to
address issues such as training.


WATCH OUT FOR ROGUE DEPLOYMENTS. One CIO Goss knows was embarrassed to
find out his firm had adopted a SaaS application for a serious business
function without his knowledge. "He only found out about it because someone
commented that it wasn't performing very well," Goss says. At Haggen, the CFO
wouldn't let such a contract be signed without Lewis's consent. "If it has any
smell of technology, he brings it to me," he says.


RESISTANCE IS FUTILE. SaaS can be a good match for many business goals,
so "a CIO trying to stand against this is going to be perceived as showing
a remarkable lack of business judgment," Goss says. "You might as well work
out a way for it to happen that makes it safe so it's not going to come back
and bite you." By becoming an advocate for SaaS where it's appropriate, you
can play a bigger role in selecting the right services and negotiating
contracts to make them manageable.
LEGAL AFFAIRS

Capture  the  Red  Flags 

Tips to help you comply with new federal rules for spotting and stopping
identity theft
By Matthew Karlyn, Aaron Tantleff and Nick Dyer


On November 1, many companies will be
required to comply with Federal Trade Commission
regulations— commonly known as
the Red Flag Rules— that are designed to
reduce the risk of fraud through identity
theft. Companies that don’t comply may face financial
penalties as well as civil lawsuits. To prepare, your company
should ensure that its information security policy
conforms with FTC requirements. Keep the following tips
in mind:

Know  your  company's  red  flags.  The  FTC  doesn’t 
provide  a  definitive  list  of  red  flags— warning  signs  that 
personal  data  is  vulnerable  to  theft.  Your  company  has 
to  develop  its  own,  based  on  experience  and  on  examples 
provided  under  the  Fair  and  Accurate  Credit  Transactions 
Act.  Possibilities  include  unusual  patterns  of  activity  or 
suspicious  information  entered  into  a  credit  application. 

Have a plan of attack. Your company should have
procedures to detect red flags during daily business operations
as well as policies dictating how it will respond to suspicious
activity. Your company’s procedures should also
include regular monitoring of accounts, closing accounts
with flagged activity and notifying, to the extent possible,
the victims of suspected identity theft.

Get the board involved. If your company is developing
an information security program for the first time, the
FTC requires that it be approved by the board of directors
or an appropriate board committee. The board may designate
itself, a committee or senior management to oversee
the program and approve future changes.

Insist on third-party compliance. Customers or
vendors who access your company’s data should have a
written information security program that complies with
the FTC rules and is as robust as your company’s program.
Some states, such as Nevada and Massachusetts,
even demand it.

Stay up to date. The rules require that the information
security program be reviewed regularly in order to ensure
that your list of red flags stays current with evolving methods
of identity theft.


Matthew  Karlyn  is  senior  counsel  and  Aaron  Tantleff  and  Nick 
Dyer  are  associates  with  Foley  &  Lardner.  Read  an  expanded 
version  of  this  story  at  www.cio.com/article/503165. 
CIOs' "New Voice" Says Innovate

CIOs are spending about 55 percent
of their time driving innovative
activities such as rolling out new
technologies and business initiatives
or managing nontechnology
business issues, says a study by IBM
called "The New Voice of the CIO"
(www-304.ibm.com/businesscenter/cpe/html0/183234.html).

Data for the Global CIO Study
2009 was collected during face-to-face
interviews conducted by IBM
execs with 2,598 CIOs, working in
organizations across 78 countries.

When choosing from a list of
20 ways to increase competitive
advantage within their industry,
83 percent of respondents identified
business intelligence and data analytics
as the most important factors
in optimizing their businesses.
Security and data reliability also
ranked high as a common concern,
with 71 percent of the CIOs planning
more spending for compliance and
risk management reasons.

Companies surveyed were
grouped into high, medium and low
growth levels by using profit data
from 2004 to 2007. The top three
themes common among successful
CIOs at high-growth companies were
a sharper focus on innovation, business
impact and strategies to raise
the ROI of IT.

The findings also showed a significantly
different focus for CIOs
in each group. High-growth CIOs,
for example, emphasize innovative
change to the business while CIOs at
low-growth firms focus more heavily
on tactical IT management.

"As  the  business  changes,  IT  can 
either  respond  as  usual  or  challenge 
the traditional IT operating model
at the core," says Dave Patzwald, VP
of  IT  at  Schneider  Electric.  "This  is 
a  transformational  shift,  not  just  a 
short-term  challenge." 

-Simone  Levien 
COVER STORY
SECURITY


Our  seventh-annual  Global  Information  Security  survey 
finds  IT  leaders  struggling  to  defend  against  new  threats 
from  social  networking  and  cloud  computing,  but  with 
renewed  support  from  business  leaders 


Today's most compelling technologies are giving you the biggest security
headaches. Social networking sites such as Twitter, Facebook and
LinkedIn enhance collaboration and help your company connect with
customers, but they also make it easier than ever for your employees to
share customer data and company secrets with outsiders.

Virtualization and cloud computing let you simplify your physical IT
infrastructure and cut overhead costs, but you’ve only just begun to see the security risks
involved. Putting more of your infrastructure in the cloud has left you vulnerable to hackers
who have redoubled efforts to launch denial-of-service attacks against the likes of
Google, Yahoo and other Internet-based service providers. A massive Google outage earlier
this year illustrates the kind of disruptions cloud-dependent businesses can suffer.

But  there’s  also  good  news.  Even  though  the  worst  economic  recession  in  decades  has 
compelled  you  to  spend  less  on  outsourced  security  services  and  do  more  in-house,  your 
security  budget  is  holding  steady.  And  more  of  you 
are  employing  a  chief  security  officer. 

Such are the big takeaways from the seventh-annual
Global Information Security survey, which
CIO and CSO magazines conducted with PricewaterhouseCoopers
earlier this year. Nearly 7,300 business
and technology executives worldwide responded from
a variety of industries, including government, health
care, financial services and retail.

These trends are shaping your information security
agenda. “Every company worries about protecting
their data, especially their client data,” says Charles
Beard, CIO at Science Applications International Corp.
(SAIC). “Under the old business model, everyone had
to get together in the same building in the same geographical
area. Now everyone is using the Internet
and mobile devices to work with each other. That’s
where we see the promise of things like social networking.
The flip side is we’re exposed to the dark side of
cyberspace. Adoption of this technology is well ahead
of efforts to properly secure and govern it.”

Read  on  to  learn  what  we  found. 


[Chart: Top IT Security Priorities. New investments are focused on protecting data,
authenticating users. Categories shown: Biometrics; Web content filters; Data leakage
prevention; Disposable passwords/smart cards/tokens; Reduced or single-sign-on software;
Voice-over-IP security; Web 2.0 security; Identity management; Encryption of removable media.]


TREND  #1 

The  Promise  and  Peril 
of  Social  Networking 

In less than two years, social networking has gone from
an abstract curiosity to a way of life for many people.
When someone updates their status on Twitter, Facebook
or LinkedIn, they might do it at work by day or on
company-owned laptops from home at night.

What  gives  IT  executives  heartburn  is  the  ease  with 
which  users  could  share  customer  data  or  sensitive  company 
activities  while  they’re  telling  you  what  they’re  having  for  lunch. 
Cyberoutlaws  know  this  and  use  social  networks  to  launch 
phishing  scams.  In  one  popular  attack,  they  send  their  victims 
messages  that  appear  to  be  coming  from  a  Facebook  friend.  The 
“friend”  may  send  along  a  URL  they  insist  you  check  out.  It  may 
be  pitched  as  a  news  story  about  Michael  Jackson’s  death  or  a 
list  of  stock  tips.  In  reality,  the  link  takes  the  victim  to  a  shady 
website  that  automatically  drops  malware  onto  the  computer. 

The malware goes off in search of
any valuable data stored on the
computer or wider company network,
be it customer credit card
numbers or the secret recipe for a
new cancer-fighting drug.

It’s no surprise, then, that every
IT leader surveyed admitted they
fear social-engineering-based
attacks. Forty-five percent specifically
fear the phishing schemes
against Web 2.0 applications.

Nevertheless, for many company
executives, blocking social
networking is out of the question
because of its potential business
benefits. Companies now clamor
to get their messages out through
these sites, so the challenge for
CIOs is to find the right balance
between security and usability.

“People are still incredibly
naive about how much they
should share with others, and
we have to do a better job educating
them about what is and isn’t appropriate to share,” says H.
Frank Cervone, vice chancellor of information services with
Purdue University Calumet. “We have to do a better job of
enhancing our understanding of what internal organization
information should not be shared.” (For a different view, read
“Enterprise Evolution,” an interview with Harvard Business
School Associate Professor Andrew McAfee, Page 20.)

But  in  a  university  setting,  it’s  critical  to  engage  people 
through  social  media,  Cervone  adds.  Even  in  the  commercial 
sector,  he  doesn’t  see  how  organizations  can  avoid  it. 

And yet this year, the first in which we asked respondents
about social media, only 23 percent said their security efforts now
include provisions to defend Web 2.0 technologies and control
what can be posted on social networking sites.

One  positive  sign:  Every  year,  more  companies  dedicate  staff 
to  monitoring  how  employees  use  online  assets— 57  percent  this 
year  compared  to  50  percent  last  year  and  40  percent  in  2006. 
Thirty-six  percent  of  respondents  monitor  what  employees  are 
posting  to  external  blogs  and  social  networking  sites. 

To prevent sensitive information from escaping, 65 percent
of companies use Web content filters to keep data behind the
firewall, and 62 percent make sure they are using the most
secure version of whichever browser they choose. Forty percent
said that when they evaluate security products, support
and compatibility for Web 2.0 is essential.

Unfortunately,  social  networking  insecurity  isn’t  something 
one  can  fix  with  just  technology,  says  Mark  Lobel,  a  partner  in 
the  security  practice  at  PricewaterhouseCoopers. 

“The problems are cultural, not technological. How do you
educate people to use these sites intelligently?” he asks. “Historically,
security people have come up from the tech path, not
the sociologist path. So we have a long way to go in finding the
right security balance.”

Guy  Pace,  security  administrator  with  the  Washington 
State  Board  for  Community  and  Technical  Colleges,  says  his 
organization  takes  many  of  the  precautions  described  above. 
But  he  agrees  with  Lobel  that  the  true  battleground  is  one  of 
office  culture,  not  technology.  “The  most  effective  mitigation 
here  is  user  education  and  creative,  effective  security  awareness 
programs,”  he  says. 

TREND  #2 

Jumping into the Cloud,
Sans Parachute

Given  the  expense  to  maintain  a  physical  IT 
infrastructure,  the  thought  of  replacing  server 
rooms  and  haphazardly  configured  appliances 
with  cloud  services  is  simply  too  hard  for  many 
companies  to  resist.  But  rushing  into  the  cloud 
without  a  security  strategy  is  a  recipe  for  risk. 
According to the survey, 43 percent of respondents are using
cloud services such as software as a service or infrastructure as
a service. Even more are investing in the virtualization technology
that helps to enable cloud computing. Sixty-seven percent
of respondents say they now use server, storage and other forms
of IT asset virtualization. Among them, 48 percent actually
believe their information security has improved, while 42 percent
say their security is at about the same level. Only 10 percent
say virtualization has created more security holes.

Security may well have improved for some, but experts like
Chris Hoff, director of cloud and virtualization solutions at
Cisco Systems, believe that both consumers and providers need
to ensure they understand the risks associated with the technical,
operational and organizational changes these technologies
bring to bear.

“When you look at how people think of virtualization and
what it means, the definition of virtualization is either very
narrow— that it’s about server consolidation, virtualizing your
applications and operating systems, and consolidating everything
down to fewer physical boxes— or it’s about any number
of other elements: client-side desktops, storage, networks, security,”
he says. “Then you add to the confusion with the concept
of cloud computing, which is being pushed by Microsoft and a
number of smaller, emerging companies. You’re left scratching
your head wondering what this means to you as a company.
How does it impact your infrastructure?”

[Chart: Dark Cloud. Fears about vendors dominate cloud security risks. Question: What is
the greatest security risk to your cloud computing strategy? Response options shown:
Ability to enforce provider security policies; Inadequate training and IT auditing;
Access control at provider site; Ability to recover data; Ability to audit provider;
Proximity of company data to someone else's; Continued existence of provider;
Provider regulatory compliance.]

Fortunately,  there’s  some  evidence  of  companies  proceeding 
with  caution.  One  example  is  Atmos  Energy,  which  is  using 
Salesforce.com  to  speed  its  response  time  to  customers  and  help 
the  marketing  department  manage  a  growing  pool  of  clients, 
according  to  CIO  Rich  Gius. 

The endeavor is successful thus far, so Gius is investigating the
viability of running company e-mail in the cloud. “It would help
us address the growing challenge where e-mail-enabled mobile
devices like BlackBerrys are proliferating widely among the workforce,”
he says. But he’s not ready to take such a big step because the
risks, including security, remain hard to pin down. One example
of the disruption that cloud-dependent companies can experience
came in May, when search giant Google— whose content
accounts for 5 percent of all Internet traffic— suffered a massive
outage. When it went down, many companies that have come to
rely on its cloud-based business applications (such as e-mail)
were dead in the water.

The outage wasn’t caused by hackers, but there are signs
that cybercriminals are exploring ways to exploit the cloud for
malicious purposes. On the heels of the outage, attackers added
insult to injury by flooding Google search results with malicious
links, prompting the U.S. Computer Emergency Response
Team (U.S. CERT) to issue a warning about potential dangers
to cloud-based service sites.

The attack poisoned several thousand legitimate websites by
exploiting known flaws in Adobe software to install a malicious
program on victims’ machines, U.S. CERT says. The program
would then steal FTP login credentials from victims and use the
information to spread itself further. It also hijacked the victim’s
browser, replacing Google search results with links chosen by
the attackers. Although the victimized sites were not specifically
those offering cloud-based services, similar schemes could
be directed at cloud services providers.

IT organizations often make an attacker’s job easier by
configuring physical and cloud-based IT assets so poorly that
easy-to-find-and-exploit flaws are left behind. Asked about the
potential vulnerabilities in their virtualized environments, 36
percent cited misconfiguration and poor implementation, and
51 percent cited a lack of adequately trained IT staff (whose lack
of knowledge leads to configuration glitches). In fact, 22 percent
of respondents cited inadequate training, along with insufficient
auditing (to uncover vulnerabilities) to be the greatest
security risk to their company’s cloud computing strategy.

It’s  this  awareness  that  makes  Atmos  Energy’s  Gius  proceed 
with  caution.  “We  have  no  CSO.  If  we  were  a  financial  services  firm 
it  might  be  a  different  story,  or  if  we  had  a  huge  head  count,”  Gius 
says.  “But  we  are  a  small-to-medium-sized  company,  and  the  staff 
limitations  make  these  kinds  of  implementations  more  difficult.” 

Even with the right resources, security in the cloud is a matter
of managing a variety of risks across multiple platforms. There’s
no single cloud. Rather, “there are many clouds, they’re not federated,
they don’t natively interoperate at the application layer
and they’re all mostly proprietary in their platform and operation,”
Hoff says. “The notion that we’re all running out to put our
content and apps in some common [and secure] repository on
someone else’s infrastructure is unrealistic.”

Lobel, with PricewaterhouseCoopers, says perfect security
is not possible. “You have to actively focus on the security
controls while you are leaping to these services,” he says. It’s
difficult for companies to turn back once they have let their
data and applications loose because they are often quick to rid
themselves of the hardware and skills they would need to bring
the services back in-house.

“If  you  dive  down  a  well  without  a  rope,  you  may  find  the 
water  you  wanted,  but  you’re  not  going  to  get  out  of  the  well 
without  the  rope,”  he  says.  “What  if  you  have  a  breach  and  you 
need  to  leave  the  cloud?  Can  you  get  out  if  you  have  to?” 

TREND  #3 

Insourcing  Security  Management 

A few years ago, technology analysts were
predicting unlimited growth for managed
security service providers (MSSPs). Many
companies then viewed security as a foreign
concept, but laws such as Sarbanes-Oxley, the
Health Insurance Portability and Accountability
Act and the Gramm-Leach-Bliley Act (affecting financial
services) were forcing them to address intrusion defense, patch
management, encryption and log management.

www.cio.com OCTOBER 15, 2009

Convinced they couldn’t do it on their own, companies chose
outsourcers to do it for them. Gartner estimated the MSSP market
in North America alone would reach $900 million in 2004
and that it would grow another 18 percent by 2008.

Then  came  the  economic  tsunami,  which  appears  to  have 
cast  a  shadow  over  outsourcing  plans  even  though  security 
budgets  are  holding  steady.  Although  31  percent  of  respondents 
this year are relying on outsiders to help them manage day-to-day
security functions, only 18 percent said they plan to make
security  outsourcing  a  priority  in  the  next  12  months. 

When  it  comes  to  specific  functions,  the  shift  has  already 
begun.  Last  year,  30  percent  of  respondents  said  they  were 
outsourcing  management  of  application  firewalls,  compared 
to  16  percent  today.  Respondents  cited  similar  reductions  in 
outsourcing  of  network  and  end-user  firewalls.  Companies 
have  also  cut  back  on  outsourcing  encryption  management 
and  patch  management. 

At  the  same  time,  more  companies  are  spending  money  on 
these  and  other  security  functions.  Sixty-nine  percent  said 
they’re budgeting for application firewalls, up slightly compared
to the past two years. Meanwhile, more than half of
respondents  said  they  are  investing  in  encryption  for  laptops 
and  other  computing  devices. 

The  results  surprise  Lobel  of  PricewaterhouseCoopers. 
“When  you  think  about  it  logically,  some  IT  organizations  have 
the  resources  and  maturity  to  manage  their  operating  systems 
and  patches,  but  many  don’t,”  he  observes.  “Hopefully,  the 
numbers  simply  mean  IT  shops  have  grown  more  mature  in 
their  security  understanding.” 

Gius  of  Atmos  Energy  offered  another  possible  explanation: 
Companies  see  a  lot  of  chaos  in  the  security  market  with  an 
avalanche of mergers and acquisitions. One independent security
vendor after another has merged with or been acquired by
other companies. Examples include BT’s acquisition of Counterpane
and IBM’s acquisition of Internet Security Systems.
IT  leaders  are  simply  getting  out  of  the  way  until  the  industry 
settles  down. 

Gius says Atmos Energy is handling most of its security
in-house right now. “We pursued a number of open-source
and lower-cost solutions to manage it ourselves,” he says. “We
invested in two people to help ensure we had the skills to manage
that environment.” But he’d like to outsource more if it
makes sense financially. He notes that security is increasingly
integrated into the platforms provided by the likes of Microsoft,
Cisco and Oracle, as well as telecom providers like Comcast and
Verizon. It makes sense to him to have those providers manage
the security of their systems.

Data Dangers

Attacks on data have increased faster than any
other security exploit. The top target: databases.

How attackers get your data (multiple responses allowed)

File-sharing applications: 46%
Removable media: 23%
Backup tapes: 16%

Security Budgets Hold Steady

More companies are increasing spending than cutting it

[Chart: Direction of spending, with categories Increase, Stay the same, Decrease and Don't know. Numbers may not add to 100% due to rounding.]

Beard,  with  SAIC,  says  that  no  matter  what  drives  security 
spending  decisions,  companies  should  understand  their  specific 
security  strategies  and  where  managed  security  providers  can 
offer  unique  value.  Smart  business  executives  understand  that 
they  must  maintain  control  of  the  big  picture  at  all  times,  even  if 
a  third  party  is  managing  many  of  the  levers.  Keeping  an  eye  on 
security  service  providers  and  the  risks  they  are  encountering 
is  essential.  “CIOs  and  security  officers  may  outsource  certain 
functions  to  various  degrees,  but  they  should  never  outsource 
their  responsibility,”  Beard  advises. 

TREND  #4 

A  New  Corporate  Commitment 

CIOs may still struggle with the quality of their
data security, but the response to this year’s survey
suggests their executive peers have agreed,
finally,  that  security  can’t  be  ignored. 

Companies’  budget  plans  tell  part  of  the  story. 
Not only are more companies investing in security
technologies, but overall security investments are largely
intact,  despite  the  economy. 

Twelve  percent  of  respondents  expect  their  security  spending 
to  decline  in  the  next  12  months.  But  63  percent  say  their  budgets 
will  hold  steady  or  increase  (although  fewer  foresee  increases 
than  did  last  year). 

For starters, more companies are hiring CSOs or chief information
security officers (CISOs). Eighty-five percent of respondents
said  their  companies  now  have  a  security  executive,  up  from  56 
percent  last  year  and  43  percent  in  2006.  Just  under  one-third  of 
security  chiefs  report  to  CIOs,  35  percent  to  CEOs  and  28  percent 
to  boards  of  directors. 

Two factors are influencing companies to maintain security
as a corporate priority: Seventy-six percent
say the increased risk environment has
elevated the importance of cybersecurity
among the top brass, while 77 percent said
the increasingly tangled web of regulations
and industry standards has added
to the sense of urgency.


Email's importance triggers new worries over security, accessibility

What started out as a convenient communications tool has
blossomed far beyond anyone's expectations. Email has
evolved to become an important repository of information,
one that must be managed, secure, and accessible. In July
2009, IDG Research surveyed IT and business executives on
the state of email management within their companies, and
more than 80% of them said email downtime would cause
either a "high" or "critical" impact on productivity; it was
graded roughly the same as losing access to databases or
transactional systems.

But with the evolution of email comes surging costs—both
hard (e.g., IT resources and storage) and soft (e.g.,
maintaining compliance and business continuity). Only half
of the companies surveyed feel that their current email
management solutions are highly effective in solving these
challenges. To address this, companies are considering the
viability of outsourcing email management entirely.

Email Challenges Facing Executives

The realization about costs is driving efforts to harness
the email management conundrum. More than 70
percent of respondents report that their IT organizations
have been asked to find more cost-effective ways to
manage email. Over half have established a deadline:
within the next 12 months.

But cost isn't the only challenge the survey
respondents face:

■ 42%—whether because of mergers, acquisitions, or
other decisions—struggle with multiple, overlapping email
management technologies

■ 44% worry about the effectiveness of their current email
management solution for disaster recovery

■ 42% worry about its effectiveness for business continuity

■ 38% worry about its effectiveness when it comes to
enabling compliance with federal, state, or industry
regulations


Solving the Problem

Unfortunately, many executives are still unaware of the
options available to solve the problem. The survey asked
respondents about their inclination toward using a cloud-based
hosted solution for email management and the
results indicated a strong surge in outsourcing. While only
about 12 percent of respondents are already doing so, 38
percent said they are likely to pursue a cloud-based solution
(34 percent said that they are likely to implement it in the
next 12 months).

This subgroup expects a number of cost- and efficiency-related
benefits from using a hosted solution for email storage,
including:

■ Lowered burden on physical resources (61%)

■ Lowered burden on IT staff (54%)

■ Scalability (53%)

■ Quick access for eDiscovery (22%)

Even more important, cloud-based hosted email management
solutions—such as those offered by Iron Mountain—can
accommodate the concerns of executives in multiple
business areas, including: finance (by exchanging capital
expenses for operating expenses); legal (by facilitating eDiscovery
searches and production); compliance (by improving
risk management); records management (by ensuring
proper retention of email records); operations (by increasing
overall efficiency); and information technology (by lowering
administrative burden).

Hosted cloud-based email management solutions can quell
many of the concerns revealed by the survey. They offer
consistent operational expenses while helping to maintain
productivity and protect business continuity.


For further results and insight into this IDG Research
Services survey, visit www.cio.com/whitepapers/email
and download the free white paper "The Shifting
State of Email Management".

Respondents were asked how important
various security strategies had
become in the context of harsher economic
realities. Seventy percent cited the growing
importance of data protection while 68
percent cited the need to strengthen the
company’s governance, risk and compliance
programs.


Notes Mauricio Angee, senior manager
of IT security and compliance and CSO
at Universal Orlando: “For segregation of
duty purposes, it’s interesting to see how
companies are being asked—by compliance
auditors, qualified security assessors
and through legislation—to hire IT security
managers with a much-more-defined
set of roles and responsibilities.” Such
roles include setting the company’s security
policy, making the security budget
pitch (instead of the CIO) and delegating
responsibility among lower-level IT security
administrators and engineers.

None of these developments, however,
make a focus on information security
a sure bet in the eyes of IT leaders. Just
because companies feel they have to spend
money on security doesn’t mean executives
view it as an essential, even beneficial
business process instead of a pain-in-the-neck
task being forced upon them.

Angee said CIOs and security leaders
still have to fight hard for every penny.
Meanwhile, security execs don’t have the
same decision-making power as other
C-level leaders in every company, says
PricewaterhouseCoopers’ Lobel. CIOs can
bring in a CSO or CISO without a strategy
and budget for that person to work with
and end up achieving nothing. If something
goes wrong, he concludes, “all you’ll
have is somebody to blame and fire.”


Bill Brenner is a senior editor with CSO
magazine and CSOonline.com. Follow him on
Twitter: www.twitter.com/BillBrenner70.


How Cybercrime Costs You

Losses from incidents average $833,000

The business impact of security breaches (multiple responses allowed)

Financial loss
Brand or reputation compromised
Intellectual property theft
42%
Home page altered or defaced: 20%
Fraud: 17%


How We Got the Numbers


The seventh-annual "Global State of Information Security" survey—a worldwide study by CIO,
CSO and PricewaterhouseCoopers—was conducted online from April 20, 2009, through June
23, 2009. CIO and CSO print and online customers and clients of PricewaterhouseCoopers
from around the globe were invited to take the survey. Results are based on responses from
7,276 security and information technology professionals from more than 100 countries.
Thirty-two percent of respondents were from North America, followed by Asia (27 percent),
Europe (26 percent), South America (14 percent) and the Middle East and South Africa
(2 percent). The margin of error for this survey is +/- 1 percent.

—Carolyn Johnson, research manager


MODERN  TECH  TALK 

with  Jim  Malone 


Server  Advantage 

IT needs to consider refreshing existing infrastructure
with servers that deliver more performance,
scalability, and more efficiency. With
the debut of the Intel Xeon processor 5500
series earlier this year, that server refresh will
deliver exponential benefits. Faster, more efficient
processing, energy conservation, and an
integrated  path  to  virtualization  are  some  of 
the  constellation  of  benefits  CIOs  can  expect 
from  a  server  upgrade  based  on  Intel  Xeon 
processor  5500  series. 

Explains  Intel's  Eric  Doyle: 

"Think  of  it  this  way:  If  you  have 
4-year  old  servers  you  can  get  up 
to  a  9  to  1  server  consolidation 
ratio.  What  that  means  is  you're 
getting  90  percent  lower  operating 
cost because not only are the 5500 series-based
servers high performance, they're much
more  energy  efficient  and  you  are  using  a  lot 
fewer  of  them.  We  can  show  you  how  to  get 
an  eight  month  payback  on  your  investment." 

Intel's  own  IT  department  is  known  for  walking 
the  walk.  "It  may  seem  funny  that  although 
our success is based on driving sales of processors,
we're out showing people how you
can  buy  fewer  systems,  and  still  get  the  same, 
if  not  more,  work  done.  But  we're  very  proud 
to  go  out  and  share  our  best  known  methods, 
what  has  worked  for  Intel,  we're  more  than 
willing  to  share  those  ideas  with  anyone  who 
wants  to  listen." 

Add  in  a  virtualization  initiative,  and  Doyle  says 
the  benefits  only  get  better. 

"Virtualization  is  hugely  important,  not  only 
from  a  consolidation  perspective,  but  from 
ease  of  administration,  flexibility,  being  able  to 
change  things  on  the  fly,  failover,  it  really  is  the 
wave  of  the  future. 

"We  have  virtualization  technology  built  into 
not  only  the  processor,  but  the  chipsets  and 
the  network  interfaces.  Things  for  security, 
things  for  speed,  we've  got  them  all  built  in  to 
not  just  the  processor,  but  the  chipsets  and 
the  network  interface." 

Doyle  says  now's  the  time  to  invest.  "When 
the  recession  ends,  do  you  want  to  be  the 
person  that  has  been  sitting  on  your  wallet, 
not investing in IT and being, could be 12, 16
months behind your competition?

"I'm very comfortable in saying about the Xeon
5500, it's more than evolution, it is revolutionary
in the way that it performs what it delivers
to  the  IT  professional." 

Share,  collaborate  and  innovate  with 
industry  technology  enthusiasts 

intel.com/go/xeon

Today's IT Leaders on Market Trends

Achieving Value from GRC Initiatives

CIOs  can't  wait  for  better  times  to  build  a  strong 
framework  for  managing  Governance,  Risk  and 
Compliance  (GRC)  requirements.  It's  an  always-on  priority. 

FOR  MANY  ORGANIZATIONS  IT  HAS  ALSO  BEEN  A  COSTLY  ONE.  The  amount  of 
man-hours  and  money  currently  spent  on  manual  control  processes  and  audits  isn’t 
sustainable— neither  in  today’s  difficult  environment  nor  over  the  long  term. 

IDG  Research  Services’  “IT  Governance,  Risk  and  Compliance”  survey  points  to 
the  extra  labor  and  cost  burdens  created  when  IT  organizations  lack  a  systematic, 
automated  approach  to  managing  GRC.  Among  the  survey’s  findings: 

■  More  than  half  of  the  200  IT  and  business  management  respondents  worldwide  report 
that  the  amount  of  time  spent  on  IT  GRC  issues  has  increased  compared  to  one  year  ago. 

■  Among  IT  managers,  nearly  60  percent  say  that  GRC  issues  affect  staff  time  spent 
on  changes  and  administrative  tasks.  Half  of  them  state  that  IT  is  constantly  reacting 
to  problems,  and  almost  as  many  cite  that  the  cost  of  operations  rises  as  a  result  of 
these  issues. 

■  More  than  15  percent  of  companies’  2009  budgets  are  allocated  to  IT  governance, 
risk  and  compliance  efforts. 

But  IT  leaders  are  concerned  about  more  than  just  the  day-to-day  routine  expenses. 
Potential  revenue  loss  due  to  deficiencies  in  addressing  risk— and  the  possible  missed 
opportunities  to  leverage  process  excellence  to  increase  business  value— weigh  on 
their  minds  as  well. 

Clearly,  a  comprehensive  GRC  foundation  must  be  a  critical  part  of  overall  IT  plans. 
To  ensure  corporate  integrity,  sustainability  and  profitability,  organizations  must  be 
able to manage, track and automate GRC processes and activities in a streamlined, coordinated
and continuous way. That’s a struggle for more than one-third of all respondents
to the IDG survey, who said they found it difficult to define a governance, risk
and compliance strategy. Without such a strategy—and the tools to make actionable the
policies it dictates in a repeatable and consistent way—it’s likely that the majority of IT
labor time will be consumed on piecemeal, manual tasks. In addition, the complexities
of the technology environment will lead to additional process inefficiencies, jeopardizing
continuous compliance and risk reduction.


Business Service Management provides IT organizations with the
technology to simplify, standardize and automate processes to meet
compliance requirements and reduce risk.


About CIO2CIO:

This peer-based thought leadership program
analyzes quantitative research and tests it
via qualitative interviews with actual CIOs.
The resulting executive insight is then
disseminated via IDG's multimedia assets.

To learn more about the CIO2CIO program,
please contact charles_lee@idg.com

[Chart: Top Drivers of IT Governance Initiatives, all respondents. Categories: increasing efficiency and productivity; aligning business and IT goals; effective information management; avoiding business interruption; managing IT costs; increasing the level of customer confidence.]


GRC  Is  a  High  Priority 

GRC is an important priority for seven out of ten respondents.
When asked about the business benefits of resolving
GRC issues, 84 percent of respondents cited fewer
business service interruptions and 82 percent cited the
ability to quickly launch new business initiatives. IT and
business benefits to be realized from resolving these
issues range from improved data quality to tighter IT
security controls.

To gain these advantages, organizations must aggressively
tackle some key components of a sound GRC plan.

Top  Requirements  for  GRC  Success 

Businesses worldwide recognize that IT process automation,
along with IT process integration and enterprise
security  software,  are  critical  or  very  important  to  GRC 
efforts,  with  survey  respondents  ranking  them  as  their 
top  three  requirements  for  success.  More  than  half  see 
the  importance  of  IT  process  automation  increasing  in 
the  next  12  to  24  months,  and  nearly  two-thirds  state 
that  configuration  management,  visibility  and  control,  as 
well  as  asset  and  software  license  management,  are  either 
critical  or  very  important  to  current  GRC  initiatives. 

Given  the  importance  of  automation  and  integration 
to  GRC  efforts,  it’s  not  surprising  to  see  respondents 
adopting  best-practice  frameworks  that  emphasize  such 
capabilities. Just under half are using the IT Infrastructure
Library® (ITIL), but that figure rises to nearly
75 percent when those who plan to implement it are
included. Close to 65 percent of respondents report they
currently are close or plan to implement COBIT (Control
Objectives for Information Related Technology). Together
these frameworks address increasing regulations,
legislation and requirements by helping IT departments
to stabilize IT operations and put in place the internal
control systems to deliver against business needs. Effectively
implementing best-practice frameworks, however,
requires  software  to  codify,  automate,  integrate  and 
report  on  the  processes  that  facilitate  GRC  management 


activities  as  part  of  daily  IT  workflows.  Such  software  can 
also  lower  compliance  costs  and  improve  service  quality. 

As  companies  move  to  use  best-practice  frameworks 
to  translate  IT  actions  into  clear  and  auditable  business 
terms, they may want to consider teaming IT and business
leaders together to set IT GRC strategies.

Realize  the  GRC  Vision 

Business  Service  Management  (BSM)  from  BMC  can 
help  guide  companies  to  create  and  document  processes 
and build out GRC capabilities in a methodical way—all
the while defining and managing expectations set between
IT and the business.

The BSM platform provides IT organizations with the
technology to simplify, standardize and automate processes
to meet internal and external compliance requirements
and reduce risk. BSM enables GRC capabilities in
the context of the portfolio of services most relevant to
the business. IT delivers value in the short term, while
building out the pieces of a comprehensive and coordinated
strategy for managing, tracking and automating the
processes  and  activities  necessary  for  meeting  multiple 
compliance  requirements  over  the  long  haul. 

Technology  alone  won’t  solve  all  of  the  GRC  issues 
companies face. BSM technology, however, plays a significant
role in implementing the resulting GRC strategy,
automating  key  GRC  processes,  and  ultimately  enabling 
IT  to  focus  its  agenda  and  investments  on  the  proactive 
and  strategic  projects  that  will  help  the  business  succeed. 


Go to www.cio.com/whitepapers/bmc to obtain a free download
of the white paper "Driving Value from GRC Initiatives."
Based on a major research survey by IDG Research Services, this
paper draws on peer insights to help CIOs implement a strategy
to maximize the value of GRC initiatives.


Dynamic Duos

Kick the lonely CIO habit. New research suggests partnerships
are the career boost we need. By Stephanie Overby

Let's  face  it:  As  CIO,  you’re  lonely.  You’ve  got  teams  of  people  working  below  you,  a  boss  and  board 
weighing  in  from  above  and  executive  peers  who  don’t  get  what  you  do.  What  you  need  is  a  partner. 

Not  the  kind  of  partner  that’s  become  a  C-suite  cliche— “We’re  partnering  with  a  new  vendor”  or 
“We  have  to  partner  with  the  business”— but  a  real  honest-to-goodness  collaboration  between  you  and 
another  human  being  reaching  common  goals  you  could  never  achieve  individually. 

“Isolation  is  quite  literally  unhealthy— as  bad  for  you  as  smoking  or  lack  of  exercise,”  explains  Rodd 
Wagner  who,  with  fellow  Gallup  executive  Gale  Muller,  coauthored  the  book  Power  of  2:  How  to  Make 
the  Most  of  Your  Partnerships  at  Work  and  in  Life.  “The  more  we  collaborate,  the  more  we  accomplish.”  In 
fact,  Wagner  and  Muller,  who  studied  thousands  of  one-on-one  collaborations  to  determine  what 
makes them successful, found that the highest levels of happiness and engagement kick in
when a person has five to 10 good alliances.

Raytheon  vice  president  and  CIO  Rebecca  Rhoads  credits 
some  of  her  success  to  alliances  formed  with  peers  in  engineering, 
finance, supply chain, communications, HR, business development
and legal. “They often give me new insights,” she says.

Potential partners can be found among your direct reports or
in the C-Suite, Wagner says. The problem is you can’t just throw
any two people together and expect a fruitful relationship to
flourish. To create more perfect unions, Wagner and Muller lay
out eight requirements: complementary strengths, a common
mission,  fairness,  trust,  acceptance,  forgiveness,  communicating 
and  unselfishness.  That  means  the  assistant  that  doesn’t  exactly 
share  the  workload  may  not  be  partner  material.  And  that  VP 
who  sees  you  as  his  main  competition?  Not  a  partner. 

Also  avoid  partnering  with  your  corporate  doppelganger. 
“You  don’t  need  another  person  just  like  you  as  a  partner,”  Muller 
explains.  “You  need  someone  who  has  what  you  don’t.” 

Savvy  IT  executives  should  foster  solid  partnerships  among 
their  staff,  too.  Employees  with 
one  collaborative  relationship 
are  29  percent  more  likely  to  say 
they’ll  stay  with  their  company  for 
the  next  year  and  42  percent  more 
likely  to  say  they’ll  intend  to  stick 
it  out  for  their  careers,  according 
to  Gallup  research.  Wagner  and 
Muller also discovered that workers
who are well-partnered generate
higher customer satisfaction scores, safety, retention, creativity,
productivity  and  profitability  for  their  companies. 

If it seems your reports are competing rather than collaborating,
take a closer look at your incentives. “There is a pervasive
bias  for  shining  the  spotlight  on  one  person.  You  can  see  it  in  how 
the  press  wanted  to  know  whether  Edmund  Hillary  or  Tenzing 
Norgay  stepped  first  on  the  summit  of  Everest,”  says  Muller. 

Although  serious  violations  of  trust  are  rare,  even  the  best 
relationships  can  go  astray.  “There  are  crucial  moments  when 
one  of  the  partners  has  to  make  a  leap  of  faith,”  says  Muller.  “This 
often  means  forgiving  an  error  or  being  willing  to  give  more. 
Partnerships  need  to  be  fair,  but  fair  doesn’t  mean  equal.” 

If  all  this  sounds  like  foreign  territory,  that’s  because  it  is. 
Corporate history may contain examples of successful partnerships—Disney’s
Michael Eisner and Frank Wells, Bill Hewlett
and Dave Packard—but business books tend to focus on how to
be a great leader, not a great better-half. “We have a culture that
emphasizes being the all-around hero, even though research is
quite clear that each of us is a mixture of strengths and weaknesses.
It’s a real blind spot in business strategy,” says Wagner.
To  forge  good  partnerships,  “you  have  to  recognize  both  that  you 
need  help  and  that  you  are  also  the  help  someone  else  needs.” 


Stephanie  Overby  is  a  freelance  writer  living  in  Massachusetts. 


Our culture emphasizes being the hero. It's a weakness in business strategy.


How can I assess a potential employer’s office space to determine
whether its corporate culture suits me?


ELAINE  VARELAS  is  managing  partner  at 
Keystone  Partners  and  has  over  20  years  experience 
in  career-development  consulting. 

Always: Identify the culture where you thrive,
and pursue that culture. Do you excel in more formal
hierarchical organizations or informal, loosely organized
structures? And remember, when leadership
changes,  the  culture  changes,  too. 

Often,  the  address  of  a  company  will  tell  you  all 
you  need  to  know  about  the  company  culture.  If  they 
are  located  in  the  business  district  of  a  city  rather 
than  a  funkier  part  of  town,  there  is  a  good  chance 
the  office  is  more  likely  to  be  business  professional 
than  business  casual,  for  instance.  What  is  happening 
at  the  front  desk?  Is  the  receptionist  working  with 
equipment that is part of a current communications
technology plan or an obsolete phone system? If it's
outdated, that may be an indication of where investments
in technology fall as a business priority.

Sometimes: Ask current employees to describe
the culture. If there are differences between what
former employees have said, ask about that, and
identify why. Take note of private office space. Are
cubes or offices used? Are there many private conference
rooms being used? Also notice whether office
doors are open or closed. This is a good indication of
how well the company collaborates on projects.
And  note  the  technology  each  person  has.  Are  they 
limited,  or  part  of  each  person's  repertoire  of  tools  to 
work  more  effectively? 


Never: Don't compare one company to another
and don't disparage other companies. Don't be
threatening, judgmental or hasty in your assessments.
If you find things lacking or not up to par,
remember that those shortcomings may provide
tremendous professional opportunities if you take a
position with the company.

Let Your Hands Do the Talking

Your gestures, expressions and body language all speak volumes.

But are you really listening? By Maryfran Johnson


Before  you  even  open  your  mouth,  you’ve 
spoken  volumes. 

That’s  the  reality  of  our  interaction  with 
other  people,  whether  we’re  facing  a  crowded 
conference  hall,  an  executive  boardroom 
meeting  or  an  audience  of  one. 

Remember  Sting’s  ’80s-era  hit  “Every  Breath  You 
Take”?  That  catchy,  creepy  song  about  watching  “every 
move  you  make”  could  be  the  theme  song  for  any 
audience  you  face.  On  an  instinctive,  largely  unconscious 
level,  people  are  reading  your  gestures 
and  watching  your  face  for  clues  about 
what’s  going  to  happen  next. 

Communications  coach  Nick  Morgan 
calls  this  the  “second  conversation”— 
the  silent  communication  that  pulses 
outward  from  our  posture,  gestures, 
facial expressions and overall body language
while we’re speaking. The primal
impact  of  that  second  conversation  is  why 
making  eye  contact  matters  so  much,  and 
why  you  should  open  your  hands  outward  toward  people 
to  inspire  their  trust. 

While  most  of  us  know  better  than  to  stand  in  front 
of  any  audience  with  arms  crossed  defensively  over  our 
chests, many executives “are surprisingly oblivious in day-to-day
work of what their body language is saying,” says
Morgan, author of Trust Me: Four Steps to Authenticity and
Charisma. “Most of my [coaching] work is about creating the
discipline to monitor yourself and others in the room.”

Spoken words and gestures are inextricably linked, he
notes, but it’s only in the past decade of brain research that
our understanding changed about how communication
happens between human beings. “We actually express
things physically before we talk,” Morgan explains. “What
the brain research shows is that the two conversations
should be reversed. The ‘gesture’ conversation happens
first.”

Fran  Dramis  can  believe  that. 

“I’m  an  Italian.  I  have  to  speak  with  my  hands,”  says 
the  extroverted  former  CIO  of  Bell  South,  who’s  given  talks 
to  audiences  as  large  as  10,000.  Now  CEO  of  F.  Dramis, 
a  business  strategy  consultancy  in  Atlanta,  he  always 
abandons  the  podium  to  stalk  around 
the stage, making eye contact with several
individuals and then returning to
them  periodically  to  visually  check  in. 
Are  they  nodding  and  smiling  still?  Or 
losing  interest? 

“I’ve  always  believed  that  if  you  don’t 
get  a  feeling  out  of  an  audience,  they  will 
remember  nothing  of  your  talk.  Zero!” 
Dramis  says.  “Inspiring  that  feeling  is 
what  enables  them  to  understand  your 
content,  to  remember  what  you  said.” 

So how can you turn this subtle “second conversation”
to your advantage? If you don’t have the
resources  to  work  with  a  professional  speech  coach,  try 
videotaping  yourself  while  rehearsing  your  talk, 
Morgan  recommends.  Connecting  with  others  is  all 
about  “posture  and  nearness,”  he  adds,  so  stand  up 
straight,  move  toward  your  audience  and  let  your 
gestures  do  the  talking.  They  will  anyway. 

Maryfran Johnson is CIO magazine's editor in chief. Reach her at
mfjohnson@cio.com.


Quick Fix - Power Networking: Most agree that networking is the best way to land a new gig.
But  adding  a  job  search  champion  to  your  network  boosts  its  ability  to  get  you  hired.  A  champion  is 
someone  who  knows  you  well  and  actively  endorses  you  to  potential  employers.  Having  one  or  more  on 
your  side  can  speed  up  your  job  hunt  and  predispose  hiring  managers  to  wanting  you  at  their  company. 

Cruise Control

Seattle  drivers  can  find  out  about  traffic  not  only  when  they’re  in  it  but  also  on  the  Department  of 
Transportation’s  Traveler’s  Information  Map— an  interactive  website  tracking  real-time  traffic  patterns 
along  many  of  the  city’s  arterial  roads.  Before  the  site’s  March  launch,  static  online  maps  of  area  freeways 
were  the  only  resource  for  city  drivers. 

There  are  70  road  cameras  represented  on  the  map:  Displayed  in  a  mouse-over  is  a  current  image  of 
each  roadway.  Detectors  on  the  roads  log  information  on  speed,  volume  and  road  occupancy,  which  is 
converted  into  color-coded  congestion  patterns  for  the  map.  The  site  also  shows  registered  incidents  and 
planned events that may cause heavier traffic. Even with less overall traffic due to the recession, Seattle
CTO Bill Schrier says the site is quite popular with drivers, noting more than 7.1 million page views since
its launch. Coming up next: a mobile version for iPhones. -Simone Levien